Malicious PDF — malware analysis report

Static analysis result for SHA-256 57fbe3619a4352f1…

MALICIOUS

PDF

Size: 15.1 KB
Created: 2020-03-13 20:21:24 +00:00
Authoring application: mPDF 5.7
MD5: fccca98fda17177f72dfafaef518c1d4
SHA-1: 13b4babbc7af5c52e81b6c7780ed0090b77890e7
SHA-256: 57fbe3619a4352f1e2f52fec150c1ba44e210376a11c218994bf21504851a327
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 User Execution: Malicious File

The PDF file contains a large number of embedded links to external PDF documents, all hosted on the suspicious domain 'kitasdyu.myhome.cx'. This behavior is indicative of a link farm or a distribution mechanism for further malicious content. The ML classifier also strongly flagged this PDF as malicious. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9880

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.